In-brief: Alphabet’s Nest Cam continues to run even after users have turned it “off,” the company acknowledged on Tuesday, raising questions about transparency and the potential for privacy abuses using the popular home surveillance device.
Editor’s note: I have updated the story to add comment from Nest Labs. I also made the decision to change the word “watching” in the headline to “running,” based on a clearer statement from Nest Labs that motion detection and voice recognition features of the device are, indeed, disabled when the device is set to “off” using the mobile application. I also updated the story to indicate that Nest had responded to additional questions from Security Ledger. PFR 11/24/2015
How do you know when the Nest Cam monitoring your house is “on” or “off”? It’s simple: just look at the little power indicator light on the front of the device…and totally disregard what it is telling you.
The truth is: the Nest Cam is never “off,” despite an effort by Nest and its parent Alphabet* to make it appear otherwise. That is the conclusion of an analysis of the Nest Cam by the firm ABI Research, which found that turning the Nest Cam “off” using the associated mobile application only turns off the LED power indicator light on the front of the device. Under the hood, the camera continues to operate and, according to ABI researcher Jim Mielke, to monitor its surroundings: noting movement, sound and other activity when users are led to believe it has powered down.
“Basically, you have an LED that says ‘on’ and ‘off ‘ that shuts off – and that’s about it,” Mielke said when asked to describe what happens when a user turns the Nest Cam off. Mielke is the Vice President of Teardowns at ABI Research and the author of a report: “Teardown Phone/Device: Nest Cam Works Around the Clock.”
In an e-mail statement to Security Ledger, Nest Labs spokesperson Zoz Cuccias said that when Nest Cam is turned off, the LED indicator turns off, as well as the video and audio capture capability and that the device does not observe motion or audio, and does not do any audio or video processing.
Part of the “teardown” process is an analysis of a device’s power consumption, and that’s the point at which Mielke identified the unusual behavior by Nest Cam. Typically a shutdown or standby mode would reduce current by as much as 10 to 100 times, Mielke told Security Ledger. But the Alphabet Nest Cam’s power consumption was almost identical in “shutdown” mode and when fully operational, dropping from 370 milliamps (mA) to around 340mA. “This means that even when a consumer thinks that he or she is successfully turning off this camera, the device is still running, which could potentially unleash a tidal wave of privacy concerns,” Mielke wrote.
The roughly 30mA reduction in the Nest Cam’s current draw when it is turned “off” is consistent with the status LED alone being switched off, given that an indicator LED typically draws 10-20mA. Current draw of this kind shows that the processor and radio remain powered; it does not by itself show what the firmware is doing with the camera and microphone.
Cuccias of Nest Labs acknowledged that the Nest Cam does not fully power down when the camera is turned off from the user interface (UI).
“When Nest Cam is turned off from the user interface (UI), it does not fully power down, as we expect the camera to be turned on again at any point in time,” Cuccias wrote in an e-mail. “With that said, when Nest Cam is turned off, it completely stops transmitting video to the cloud, meaning it no longer observes its surroundings.”
Cuccias said that Nest Cam uses 128-bit SSL encryption, Perfect Forward Secrecy and a 2048-bit RSA key that is unique to each camera. “This ensures that videos are not accessible, even over open WiFi networks. That said, customers can always see the status of their camera through the Nest app,” she wrote in an e-mail.
While it may be true that the Nest Cam is not transmitting video to Amazon’s** cloud-based servers when the device has been turned “off,” Mielke said the power consumption patterns of the disabled Nest Cam and an active Nest Cam observing its surroundings were “very similar,” leading him to conclude that the Nest Cam continues to observe its surroundings when users believe it is “off,” even if it does not capture video.
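The two measurements at issue above, supply current (what ABI’s teardown compared) and whether the device still sends anything upstream (what Nest says stops when the camera is off), are the checks a practitioner would run against an “off” claim. The following is an added example, not code from Security Ledger, ABI Research or Nest. All readings are constructed; the thresholds are the figures quoted in this story (a real standby or shutdown mode cuts current 10 to 100 times, an indicator LED draws roughly 10-20mA), and `LED_MARGIN` and `KEEPALIVE_BUDGET_BYTES` are assumptions introduced here.

```python
"""Two measurements a practitioner can take to test a camera's "off" claim.

Added example, not code from the article's subjects. It compares a device's
"on" and "off" states along two axes: supply current and bytes sent
upstream. Sample readings are constructed; thresholds marked 'article' come
from the story, those marked 'assumption' do not.
"""
from statistics import median

STANDBY_MIN_RATIO = 10.0         # article: standby/shutdown cuts current >= 10x
LED_DRAW_MA = (10.0, 20.0)       # article: typical indicator-LED current
LED_MARGIN = 2.0                 # assumption: allow 2x the LED figure for measurement noise
KEEPALIVE_BUDGET_BYTES = 50_000  # assumption: upstream bytes per window that heartbeats may use


def classify_power_state(on_ma, off_ma):
    """Classify the 'off' state from current samples (milliamps).

    Medians are used so that brief spikes, such as WiFi transmit bursts,
    do not dominate the comparison. Returns ratio, delta and a verdict:
      'powered_down'  - no measurable current when 'off'
      'standby'       - current fell by at least STANDBY_MIN_RATIO
      'still_running' - current barely changed; the SoC and radio are up
    A similar current draw shows the hardware is powered; it does not by
    itself show what the firmware is doing with the sensors.
    """
    on_med, off_med = median(on_ma), median(off_ma)
    delta = on_med - off_med
    if off_med <= 0:
        return {"ratio": float("inf"), "delta_ma": delta,
                "verdict": "powered_down", "led_only": False}
    ratio = on_med / off_med
    verdict = "standby" if ratio >= STANDBY_MIN_RATIO else "still_running"
    # Could the whole reduction be explained by switching off the status LED?
    led_only = verdict == "still_running" and delta <= LED_DRAW_MA[1] * LED_MARGIN
    return {"ratio": round(ratio, 2), "delta_ma": round(delta, 1),
            "verdict": verdict, "led_only": led_only}


def upstream_bytes(flows, state):
    """Sum bytes the camera sent upstream while in `state`.

    `flows` are dicts with 'state' ('on'/'off'), 'dir' ('up'/'down') and
    'bytes', e.g. aggregated from a capture on the camera's network segment.
    """
    return sum(f["bytes"] for f in flows if f["state"] == state and f["dir"] == "up")


def check_off_claims(on_ma, off_ma, flows):
    """Combine both measurements into one report on the device's 'off' mode."""
    power = classify_power_state(on_ma, off_ma)
    up_off = upstream_bytes(flows, "off")
    up_on = upstream_bytes(flows, "on")
    return {
        "power": power,
        "upstream_bytes_on": up_on,
        "upstream_bytes_off": up_off,
        # True if 'off' traffic fits within a keep-alive allowance, i.e. no video stream
        "stops_transmitting_when_off": up_off <= KEEPALIVE_BUDGET_BYTES,
    }


# Constructed readings shaped after the article's figures: ~370 mA on, ~340 mA off.
SAMPLE_ON_MA = [370, 372, 368, 371, 369]
SAMPLE_OFF_MA = [340, 341, 339, 340, 342]
# Constructed one-minute flow summaries: a video stream while on, only heartbeats while off.
SAMPLE_FLOWS = [
    {"state": "on", "dir": "up", "bytes": 1_500_000},
    {"state": "on", "dir": "down", "bytes": 12_000},
    {"state": "off", "dir": "up", "bytes": 2_000},
    {"state": "off", "dir": "down", "bytes": 1_500},
]

if __name__ == "__main__":
    print(check_off_claims(SAMPLE_ON_MA, SAMPLE_OFF_MA, SAMPLE_FLOWS))
```

On the constructed readings the power check reports `still_running` with the whole 30mA drop attributable to the LED, while the traffic check reports that nothing beyond a keep-alive allowance leaves the device when it is “off.” The two results are not in conflict: a device can idle with its radio up and still send no video. Neither test can show whether the firmware is processing audio or motion locally; that question needs firmware or bus-level analysis, not a current probe or a packet capture.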
The Nest Cam status light has a number of different colors and operating modes that correlate with different behavior: connecting to the wireless network, recording, or broadcasting audio. The companion mobile application that is used to manage Nest Cams does allow users to turn off the status light via software without disabling camera streaming. According to this support page, there are two possible reasons Nest Cam’s light is off: the device “isn’t receiving power” or “the status light is set to off in the Nest app.” In the latter case, Nest’s support site explains, “the camera is streaming successfully, but status light is set to off, which makes the camera less noticeable and distracting.” Users are given instructions on using the Nest app to turn the status light on or off.
Nest was not able to respond to questions seeking further clarification of the monitoring behavior in “off” mode prior to publication.
Ben Ransford, the Chief Technology Officer at the firm Virta Labs, said that it is common for plugged-in devices to stay in what he described as “medium-power states” to enable quick or convenient wakeup. Television sets and stereo systems, for example, commonly leave their infrared remote control sensors on constantly in the event that someone wants to turn the device “on.” “Power is so cheap in the U.S. that people don’t actually care about a trickle,” Ransford wrote in an e-mail.
There is an argument to be made for keeping security cameras in a constant state of readiness, Ransford said. But “there’s an obvious privacy problem.” “I don’t want a camera pointed at me all the time, even if it claims it’s not sending pictures anywhere,” he wrote.
Mielke said that ABI Research started its “breakdown” service, in which the analyst firm disassembles connected devices and other products, after getting requests from customers for such a service. He said privacy concerns on the part of customers were one driver. “We did get a lot of inquiries: how many of these devices shut off and how many do not,” he said. “This whole industry of the ‘smart home,’ people want to know ‘Is it watching all the time?’ ‘Is it listening all the time?’”
Uncertainty about when and where in-home surveillance cameras are “on” isn’t new. Researcher Mark Stanislav of the firm Rapid7 conducted extensive research on a range of baby monitors in recent months and found evidence that the devices don’t always behave as owners might expect. Specifically, Stanislav observed that, on some models of connected baby monitors, disabling features like live streaming via the affiliated mobile application did not, in fact, cause the device to stop the activity.
Ransford said that’s a problem. “A concern with the ‘on’ indicator is that it might not actually truly represent the ‘on-ness’ of the camera,” he wrote. That could then be exploited by malicious actors to spy on individuals, using the images they gathered for extortion or other means. In one noted incident, Cassidy Wolf, a former Miss Teen USA, said she was the victim of attempted extortion after her computer was infected with malicious software that disabled the LED indicator light on her webcam in order to surreptitiously film her.
Researchers presenting at the USENIX Security 2014 conference showed how software vulnerabilities made it possible to turn on a MacBook’s iSight camera without enabling the “camera on” indicator LED. “That’s why every security researcher I know puts little covers on their laptops’ cameras,” Ransford noted.
Federal regulators, including the FTC, have raised alarms about a lack of transparency with connected products when it comes to product design, data collection and reuse, and privacy protections. In June, the White House announced that it was working with famed hacker Peiter Zatko (aka “Mudge”) to head up a new project aimed at developing an “underwriters’ lab” for cyber security. The new organization would function as an independent, non-profit entity designed to assess the security strengths and weaknesses of products and publish the results of its tests.
(*) This story was corrected to indicate that Nest is now owned by Google spin-out Alphabet, not Google. PFR 11/25/2015
(**) This story was corrected to indicate that Nest Cam’s data including video is stored on Amazon Web Services, not Google’s cloud servers. PFR 11/25/2015